Lennart Poettering [Tue, 5 Dec 2017 20:46:58 +0000 (21:46 +0100)]
man: fix binary path in systemd(1) (#7550)
Otherwise people might assume that systemd was installed in the $PATH,
but it is not. Do the same as for systemd-vconsole-setup.service and
friends: let's include the full path in the man page.
Zbigniew Jędrzejewski-Szmek [Tue, 5 Dec 2017 20:43:14 +0000 (21:43 +0100)]
Merge pull request #7532 from yuwata/test-execute
test-execute: add test for that DynamicUser= migrates StateDirectory=
Zbigniew Jędrzejewski-Szmek [Tue, 5 Dec 2017 20:40:21 +0000 (21:40 +0100)]
Merge pull request #7539 from yuwata/man-options
Add missing parsing and documentation for several options
Lennart Poettering [Tue, 5 Dec 2017 17:53:24 +0000 (18:53 +0100)]
Merge pull request #7494 from poettering/nspawn-cgroups
some nspawn cgroup fixes + dissecting and testing love
Michal Koutný [Tue, 5 Dec 2017 15:51:19 +0000 (16:51 +0100)]
service: Don't stop unneeded units needed by restarted service (#7526)
An auto-restarted unit B may depend on unit A with StopWhenUnneeded=yes.
If A stops before B's restart timeout expires, it'll be started again as part
of B's dependent jobs. However, if stopping takes longer than the timeout, B's
running stop job collides start job which also cancels B's start job. Result is
that neither A or B are active.
Currently, when a service with automatic restarting fails, it transitions
through following states:
1) SERVICE_FAILED or SERVICE_DEAD to indicate the failure,
2) SERVICE_AUTO_RESTART while restart timer is running.
The StopWhenUnneeded= check takes place in service_enter_dead between the two
state mentioned above. We temporarily store the auto restart flag to query it
during the check. Because we don't return control to the main event loop, this
new service unit flag needn't be serialized.
This patch prevents the pathologic situation when the service with Restart=
won't restart automatically. As a side effect it also avoid restarting the
dependency unit with StopWhenUnneeded=yes.
Fixes: #7377
Lennart Poettering [Tue, 5 Dec 2017 15:42:58 +0000 (16:42 +0100)]
hexdecoct: fix comment typo (#7548)
Yu Watanabe [Sun, 3 Dec 2017 05:27:32 +0000 (14:27 +0900)]
test-execute: add test for that DynamicUser= migrate StateDirectory=
Test for
949befd3f09e8c06a908ec99efd241666c21d944.
Yu Watanabe [Tue, 5 Dec 2017 15:36:55 +0000 (00:36 +0900)]
test-execute: cleanup
This makes rename the test units by a consistent naming scheme,
add several logs, and sort internal functions.
No functional change.
Yu Watanabe [Mon, 4 Dec 2017 06:42:48 +0000 (15:42 +0900)]
man: journal-remote: add missing options
This adds documents about supported, mainly SSL related, options
in jurnal-remote, journal-upload, and journal-gatewayd.
Yu Watanabe [Mon, 4 Dec 2017 06:25:08 +0000 (15:25 +0900)]
man: fix typo
Yu Watanabe [Mon, 4 Dec 2017 05:20:56 +0000 (14:20 +0900)]
man: include standard-options.xml in systemd-hwdb(8)
Yu Watanabe [Tue, 5 Dec 2017 13:47:18 +0000 (22:47 +0900)]
man: add missing options to and use standard-options.xml in udevadm(8)
Yu Watanabe [Tue, 5 Dec 2017 14:30:10 +0000 (23:30 +0900)]
udevadm: getopt() and help message cleanup
This adds missing options, mainly '--version' in getopt(), removes
an unused option from getopt().
Also, this adds a deprecate message in `udevadm hwdb`, and cleanups
help messages.
Follow-up for
65eb4378c3e1de25383d8cd606909e64c71edc80.
Lennart Poettering [Tue, 28 Nov 2017 19:11:52 +0000 (20:11 +0100)]
fstab-generator: port some code to strextend_with_separator()
Lennart Poettering [Tue, 28 Nov 2017 18:42:15 +0000 (19:42 +0100)]
test: add a simple script that runs all our integration tests one after the other
Lennart Poettering [Tue, 28 Nov 2017 18:37:32 +0000 (19:37 +0100)]
tests: don't use "netcat" for testing TEST-10-ISSUE-2467
Apparently there are a myriad of netcat implementations around, and they
all behave slightly differently. The one I have on my Fedora 27
installation will cause a failure when invoked as "nc -U" on an AF_UNIX
socket whose connections are immediately disconnected, thus causing the
test to fail.
Let's avoid all ambiguities in this regard, and drop usage of netcat
altoegther. Instead let's use a FIFO in the file system, which we can
connect to with only shell commands, and is hence much simpler and
more reliable to test with.
The actual test is supposed to validate that PID 1 doesn't hang when
activation of a socket-activated service fails, hence which transport
mechanism is used ultimately doesn't matter, as long as we activate the
service, and we do here...
Lennart Poettering [Tue, 28 Nov 2017 18:36:52 +0000 (19:36 +0100)]
tests: make TEST-10-ISSUE-2467 also run in nspawn
No reason not to run it in nspawn, and it's easier to debug than the
qemu version.
Lennart Poettering [Tue, 28 Nov 2017 16:58:00 +0000 (17:58 +0100)]
nspawn: when in hybrid mode, chown() both the legacy and the unified hierarchy to the root in the container
If user namespacing is used, let's make sure that the root user in the
container gets access to both /sys/fs/cgroup/systemd and
/sys/fs/cgroup/unified.
This matches similar logic in cg_set_access().
Lennart Poettering [Tue, 28 Nov 2017 15:46:26 +0000 (16:46 +0100)]
nspawn: make sure images containing an ESP are compatible with userns -U mode
In -U mode we might need to re-chown() all files and directories to
match the UID shift we want for the image. That's problematic on fat
partitions, such as the ESP (and which is generated by mkosi's
--bootable switch), because fat of course knows no UID/GID file
ownership natively.
With this change we take benefit of the uid= and gid= mount options FAT
knows: instead of chown()ing all files and directories we can just
specify the right UID/GID to use at mount time.
This beefs up the image dissection logic in two ways:
1. First of all support for mounting relevant file systems with
uid=/gid= is added: when a UID is specified during mount it is used for
all applicable file systems.
2. Secondly, two new mount flags are added:
DISSECT_IMAGE_MOUNT_ROOT_ONLY and DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY.
If one is specified the mount routine will either only mount the root
partition of an image, or all partitions except the root partition.
This is used by nspawn: first the root partition is mounted, so that
we can determine the UID shift in use so far, based on ownership of
the image's root directory. Then, we mount the remaining partitions
in a second go, this time with the right UID/GID information.
Lennart Poettering [Tue, 28 Nov 2017 15:37:53 +0000 (16:37 +0100)]
string-util: rework strextend() to optionally inset separators between each appended string
This adds a new flavour of strextend(), called
strextend_with_separator(), which takes an optional separator string. If
specified, the separator is inserted between each appended string, as
well as before the first one, but only if the original string was
non-empty.
This new call is particularly useful when appending new options to mount
option strings and suchlike, which need to be comma-separated, and
initially start out from an empty string.
Lennart Poettering [Mon, 27 Nov 2017 19:57:17 +0000 (20:57 +0100)]
cgroup: also include "cgroups.threads" in the list of files to chown
Also, add "cgroups.stat". It's read-only anyway, hence its UID/GID
ownership matters little, but it's probably a good idea to keep it
ownership in sync with the other read-only files such as
"cgroups.controllers".
Also, order the list of files alphabetically.
Lennart Poettering [Mon, 27 Nov 2017 19:49:35 +0000 (20:49 +0100)]
nspawn: figure out cgroup mode *after* mounting image
If we operate on a disk image (i.e. --image=) then it's pointless to
look into the mount directory before it is actually mounted to see which
systemd version is running inside...
Unfortunately we only mount the disk image in the child process, but the
parent needs to know the cgroup mode, hence add some IPC for this
purpose and communicate the cgroup mode determined from the image back
to the parent.
Lennart Poettering [Mon, 27 Nov 2017 19:48:46 +0000 (20:48 +0100)]
path-util: when checking systemd versions, check both lib and lib64
We need to check both to be compatible with multilib images.
Zbigniew Jędrzejewski-Szmek [Tue, 5 Dec 2017 11:13:17 +0000 (12:13 +0100)]
Merge pull request #7542 from yuwata/build-cleanup
several build cleanups
Zbigniew Jędrzejewski-Szmek [Tue, 5 Dec 2017 09:59:24 +0000 (10:59 +0100)]
Merge pull request #7476 from jhxie/ycm-meson-backend
ycm: add initial support for the meson build system
Zbigniew Jędrzejewski-Szmek [Tue, 5 Dec 2017 09:49:25 +0000 (10:49 +0100)]
Merge pull request #7512 from yuwata/mount-create-dir
fixes related to systemd-mount and chase_symlinks()
Yu Watanabe [Tue, 5 Dec 2017 09:34:46 +0000 (18:34 +0900)]
dissect-image: remove unused variable when built without libcryptsetup (#7538)
Boucman [Tue, 5 Dec 2017 09:20:40 +0000 (10:20 +0100)]
Print the time to reach default.target in systemd-analyze time (#7383)
Example output (last line is new):
$ systemd-analyze time
Startup finished in 12.879s (firmware) + 36.999s (loader) + 1.313s (kernel) + 22.672s (initrd) + 3min 1.755s (userspace) = 4min 15.619s
graphical.target reached after 1min 39.377s in userspace
Yu Watanabe [Tue, 5 Dec 2017 07:21:16 +0000 (16:21 +0900)]
test: increase timeout for test-async
The test calls sync(). So, on the heavy io system, the 30s default
can be easily exceeded.
Yu Watanabe [Tue, 5 Dec 2017 05:07:38 +0000 (14:07 +0900)]
execute: define the variable mac_selinux_contex_net only when build with SELinux
Yu Watanabe [Tue, 5 Dec 2017 05:04:12 +0000 (14:04 +0900)]
execute: define setup_smack() only if SMACK is enabled
This suppresses the following warning
```
execute.c:2149:12: warning: ‘setup_smack’ defined but not used [-Wunused-function]
static int setup_smack(
^~~~~~~~~~~
```
Yu Watanabe [Tue, 5 Dec 2017 05:03:11 +0000 (14:03 +0900)]
bootspec: use blkid only if HAVE_BLKID is defined
Yu Watanabe [Tue, 5 Dec 2017 05:01:39 +0000 (14:01 +0900)]
meson: fix indentation
Yu Watanabe [Mon, 4 Dec 2017 04:33:46 +0000 (13:33 +0900)]
man: lists short options in systemd-udevd.service(8)
Follow-up for
2d19c17e8eafbe6c460c3cd76cf65aecd80ead87.
Yu Watanabe [Mon, 4 Dec 2017 12:05:18 +0000 (21:05 +0900)]
man: convert info to information or informational
Yu Watanabe [Mon, 4 Dec 2017 12:02:09 +0000 (21:02 +0900)]
man: add missing options
Yu Watanabe [Mon, 4 Dec 2017 04:11:25 +0000 (13:11 +0900)]
stdio-bridge: add missing option
Yu Watanabe [Mon, 4 Dec 2017 01:34:25 +0000 (10:34 +0900)]
Merge pull request #7534 from marcusfolkesson/helptext
Fix help textes for components
asavah [Mon, 4 Dec 2017 01:31:04 +0000 (03:31 +0200)]
growfs: fix building without libcrypsetup (#7535)
Lennart Poettering [Sun, 3 Dec 2017 19:57:24 +0000 (20:57 +0100)]
util-lib,tests: rework unbase64 so that we skip over whitespace automatically (#7522)
Let's optimize things a bit, and instead of having to strip whitespace
first before decoding base64, let's do that implicitly while doing so.
Given that base64 was designed the way it was designed specifically to
be tolerant to whitespace changes, it's a good idea to do this
automatically and implicitly.
Marcus Folkesson [Sun, 3 Dec 2017 17:38:18 +0000 (18:38 +0100)]
busctl: list all short options in help text
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Marcus Folkesson [Sun, 3 Dec 2017 17:37:10 +0000 (18:37 +0100)]
journal-upload: remove duplication of --help and --version in help text
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Marcus Folkesson [Sun, 3 Dec 2017 17:36:41 +0000 (18:36 +0100)]
stio-bridge: list all short options in help text
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Marcus Folkesson [Sun, 3 Dec 2017 17:36:09 +0000 (18:36 +0100)]
udevadm-control: list all short options in help text
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Marcus Folkesson [Sun, 3 Dec 2017 17:34:54 +0000 (18:34 +0100)]
udevadm-info: list all short options in help text
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Marcus Folkesson [Sun, 3 Dec 2017 17:32:53 +0000 (18:32 +0100)]
udevd: list all short options in help text
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Ikey Doherty [Sun, 3 Dec 2017 12:28:23 +0000 (12:28 +0000)]
sysusers: Provide meson argument to set gid for 'users' group (#7533)
To allow better integration with distributions requiring an explicitly
set gid for the `users` group, provide the new `-Dusers-gid` option to
set to a new numeric value.
In the absence of a specified gid, we'll fallback to the default existing
behaviour of `-` as the gid value, to automatically assign the next available
gid on the system.
Lennart Poettering [Sun, 3 Dec 2017 11:18:33 +0000 (12:18 +0100)]
mount-util: do not use the official MAX_HANDLE_SZ (#7523)
If we'd use the system header's version of MAX_HANDLE_SZ then our code
would break on older kernels as soon as the value is increased, as old
kernels refuse larger buffers with EINVAL.
Yu Watanabe [Thu, 30 Nov 2017 16:28:44 +0000 (01:28 +0900)]
mount: use chase_symlinks()
Yu Watanabe [Thu, 30 Nov 2017 16:27:53 +0000 (01:27 +0900)]
mount: do not require that the specified directory exists
If the specified direcotry does not exist, then systemd creates it
when the mount unit starts. So, it is not necessary to check the
existence in the client tool.
Yu Watanabe [Thu, 30 Nov 2017 08:55:04 +0000 (17:55 +0900)]
mount: ignore error when stop non-existing automount unit
The command `systemd-mount -u` tries to stop both mount and automount
units. If the corresponding mount unit does not exist, then it is
user's fault, that is, the specified path is not a mount point.
However, not all mount units have corresponding autmount units.
Thus, the error about non-existing automount unit is not user's falut,
and showing the error may confuse users.
So, let's ignore the error of such case.
Yu Watanabe [Sat, 2 Dec 2017 15:28:50 +0000 (00:28 +0900)]
test-fs-util: add more tests for chase_symlinks()
Yu Watanabe [Thu, 30 Nov 2017 17:23:53 +0000 (02:23 +0900)]
test-fs-util: save current directory name
Yu Watanabe [Thu, 30 Nov 2017 16:15:42 +0000 (01:15 +0900)]
fs-util: remove comment about non-existing function
Yu Watanabe [Thu, 30 Nov 2017 17:19:44 +0000 (02:19 +0900)]
fs-util: chase_symlinks(): remove unnecessary slash at the head
Before this, chase_symlinks("/../../foo/bar",...) returns //foo/bar.
This removes the unnecessary slash at the head.
Vito Caputo [Sat, 2 Dec 2017 00:53:38 +0000 (16:53 -0800)]
Merge pull request #7529 from vcaputo/trivial-style-fixups
*: fix some inconsistent control statement style
Vito Caputo [Sat, 2 Dec 2017 00:49:52 +0000 (16:49 -0800)]
*: fix some inconsistent control statement style
Vito Caputo [Fri, 1 Dec 2017 23:08:16 +0000 (15:08 -0800)]
Merge pull request #7528 from vcaputo/localectl-fix-indent
localectl: fix list_vconsole_keymaps() indentation
Vito Caputo [Fri, 1 Dec 2017 08:37:52 +0000 (00:37 -0800)]
localectl: fix list_vconsole_keymaps() indentation
Lukáš Nykrýn [Fri, 1 Dec 2017 19:34:49 +0000 (20:34 +0100)]
shared/dropin: ignore ENAMETOOLONG when checking drop-in directories (#7525)
This usually happens for device units with long
path in /sys. But users can't even create such drop-ins,
so lets just ignore the error here.
Fixes #6867
Lennart Poettering [Fri, 1 Dec 2017 16:58:58 +0000 (17:58 +0100)]
Merge pull request #7237 from keszybz/growfs
Create and grow filesystems
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2017 15:25:19 +0000 (16:25 +0100)]
NEWS: update the text a bit (#7524)
This fixes various typos, removes some duplications, and adds a bit more
detail in the few places which are potential pitfalls for users.
Also change the way the paragraphs about new options begin, because having
a paragraph saying "Two new options have been added", and then bit lower
again "Two new options have been added" is confusing.
Michael Biebl [Fri, 1 Dec 2017 12:52:32 +0000 (13:52 +0100)]
Merge pull request #7481 from poettering/bpf-test-fix
bpf-firewall: actually invoke BPF_PROG_ATTACH to check whether cgroup/bpf is available
Lennart Poettering [Fri, 1 Dec 2017 11:59:16 +0000 (12:59 +0100)]
mount-util: tape over name_to_handle_at() flakiness (#7517)
Apparently, the kernel returns EINVAL on NFS4 sometimes, even if we do
everything right, let's fallback in that case and find a different
approach to determine if something's a mount point.
See discussion at:
https://github.com/systemd/systemd/issues/7082#issuecomment-
348001289
Lennart Poettering [Fri, 1 Dec 2017 10:59:42 +0000 (11:59 +0100)]
sd-bus: validate the message type (#7520)
Now that sd_bus_message_new() is public API, we should insist on valid
message types.
Lennart Poettering [Fri, 1 Dec 2017 10:21:58 +0000 (11:21 +0100)]
systemctl: don't use get_process_comm() on non-local PIDs (#7518)
Let's not use local process data for remote processes, that can only
show nonsense.
Maybe one day we should add a bus API to query the comm field of a
process remotely, but for now, let's not bother, the information is
redundant anyway, as the cgroup data shows it too (and the cgroup tree
is show as part of status as well, and is requested from remote through
dbus, without local kernel calls).
Fixes: #7516
Zbigniew Jędrzejewski-Szmek [Fri, 1 Dec 2017 07:31:20 +0000 (08:31 +0100)]
Merge pull request #7521 from yuwata/news-236
NEWS update
Zbigniew Jędrzejewski-Szmek [Thu, 30 Nov 2017 19:54:31 +0000 (20:54 +0100)]
util-lib: handle empty string in last_path_component
Now the function returns an empty string when given an empty string.
Not sure if this is the best option (maybe this should be an error?),
but at least the behaviour is well defined.
Yu Watanabe [Thu, 30 Nov 2017 19:49:21 +0000 (04:49 +0900)]
NEWS: systemd-mount also support -G option
Yu Watanabe [Thu, 30 Nov 2017 19:48:57 +0000 (04:48 +0900)]
NEWS: fix typo
Zbigniew Jędrzejewski-Szmek [Thu, 30 Nov 2017 11:55:00 +0000 (12:55 +0100)]
man: add docs for systemd-growfs and systemd-makefs
Zbigniew Jędrzejewski-Szmek [Thu, 30 Nov 2017 11:09:36 +0000 (12:09 +0100)]
dissect-image: return error if results are ambiguous
We let the caller make the decision. Existing callers are OK with treating an
ambiguous result the same as no content, but makefs and growfs should refuse such
partitions.
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2017 19:02:11 +0000 (20:02 +0100)]
Add x-systemd.growfs option for fstab
Zbigniew Jędrzejewski-Szmek [Tue, 21 Nov 2017 22:18:05 +0000 (23:18 +0100)]
Add x-systemd.makefs option for fstab
I opted to completely generate a unit for both mount points and swaps. For
swaps, it would be possible to use fixed template unit like systemd-mkswap@.service,
because there's no information passed except the device name. For mount points,
that's not possible because both the device name and file system type need to
be passed. Nevertheless, I expect that options will need to passed to both mkfs
and mkswap, in which case it'll be necessary to create units of both types
anyway.
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2017 14:49:25 +0000 (15:49 +0100)]
fstab-generator: convert separate booleans to a flag field
It's pretty unwieldy with just three flags, and I want to add more.
Zbigniew Jędrzejewski-Szmek [Sun, 26 Nov 2017 21:51:29 +0000 (22:51 +0100)]
Add mkfs wrapper which first checks if the partition is empty
Zbigniew Jędrzejewski-Szmek [Fri, 24 Nov 2017 20:34:36 +0000 (21:34 +0100)]
growfs: add option parsing and --help/--version/--dry-run
v2:
- use arg_target
Zbigniew Jędrzejewski-Szmek [Fri, 24 Nov 2017 20:31:47 +0000 (21:31 +0100)]
shared/dissect-image: fix return value for probe_filesystem()
blkid_new_probe_from_filename() sets errno, for example EPERM.
Zbigniew Jędrzejewski-Szmek [Tue, 21 Nov 2017 17:56:52 +0000 (18:56 +0100)]
growfs: add support for resizing encrypted partitions
Zbigniew Jędrzejewski-Szmek [Wed, 29 Nov 2017 14:06:53 +0000 (15:06 +0100)]
Define CRYPT_LUKS in crypt-util.h
Also do not include libcryptsetup.h directly, but only through crypt-util.h.
This way we do not have to repeat the define in every file where it is used.
Zbigniew Jędrzejewski-Szmek [Tue, 21 Nov 2017 17:55:07 +0000 (18:55 +0100)]
growfs: do not try to resize btrfs partitions smaller then 256MB
This will not work, but the kernel does not give any useful message.
Zbigniew Jędrzejewski-Szmek [Mon, 23 Oct 2017 11:40:38 +0000 (13:40 +0200)]
Add systemd-growfs tool
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 14:56:25 +0000 (15:56 +0100)]
util-lib: export cryptsetup logging glue function
Zbigniew Jędrzejewski-Szmek [Thu, 2 Nov 2017 08:16:47 +0000 (09:16 +0100)]
util-lib: add cleanup function for crypt_free
Zbigniew Jędrzejewski-Szmek [Tue, 31 Oct 2017 15:13:05 +0000 (16:13 +0100)]
util-lib: rename path_check_fstype to path_is_fs_type
Zbigniew Jędrzejewski-Szmek [Tue, 31 Oct 2017 12:02:10 +0000 (13:02 +0100)]
util-lib: rename fd_check_fstype to fd_is_fs_type
Let's use "is" and "fs_type" for consistency with "is_fs_type".
"check" is also more ambiguous than "is".
Zbigniew Jędrzejewski-Szmek [Tue, 31 Oct 2017 10:08:30 +0000 (11:08 +0100)]
util-lib: use trailing slash in chase_symlinks, fd_is_mount_point, path_is_mount_point
The kernel will reply with -ENOTDIR when we try to access a non-directory under
a name which ends with a slash. But our functions would strip the trailing slash
under various circumstances. Keep the trailing slash, so that
path_is_mount_point("/path/to/file/") return -ENOTDIR when /path/to/file/ is a file.
Tests are added for this change in behaviour.
Also, when called with a trailing slash, path_is_mount_point() would get
"" from basename(), and call name_to_handle_at(3, "", ...), and always
return -ENOENT. Now it'll return -ENOTDIR if the mount point is a file, and
true if it is a directory and a mount point.
v2:
- use strip_trailing_chars()
v3:
- instead of stripping trailing chars(), do the opposite — preserve them.
Lennart Poettering [Thu, 30 Nov 2017 19:07:18 +0000 (20:07 +0100)]
NEWS: some preliminary work for v236 (#7519)
Totally not complete, but let's get this started.
Mathieu Trudel-Lapierre [Thu, 30 Nov 2017 17:03:50 +0000 (12:03 -0500)]
Add a "RequiredForOnline=" Link attribute for .network files (#7347)
RequiredForOnline= denotes a link/network that does/does not require being up
for systemd-networkd-wait-online to consider the system online; this makes it
possible to ignore devices without modifying parameters to wait-online.
Zbigniew Jędrzejewski-Szmek [Wed, 1 Nov 2017 15:59:30 +0000 (16:59 +0100)]
test-string-util: add another test for stripping slashes
I wrote this for my own "strip_trailing_chars" function, which was in the
meanwhile obsoleted by "delete_trailing_chars". Let's just keep the test.
Zbigniew Jędrzejewski-Szmek [Tue, 31 Oct 2017 10:30:40 +0000 (11:30 +0100)]
Add a helper for /dev/block/major:minor paths
Zbigniew Jędrzejewski-Szmek [Tue, 31 Oct 2017 08:37:15 +0000 (09:37 +0100)]
Add a little helper to make /sys/dev/block/major:minor paths
Zbigniew Jędrzejewski-Szmek [Tue, 31 Oct 2017 09:52:30 +0000 (10:52 +0100)]
test-mount-util: move test_path_is_mount_point here
path-util.c and mount-util.c are intertwined, but path_is_mount_point() is
defined in mount-util.c.
No functional difference.
Yu Watanabe [Thu, 30 Nov 2017 11:34:58 +0000 (20:34 +0900)]
core/dbus-execute: actually set PassEnvironment= (#7510)
Follow-up for #7444.
Yu Watanabe [Thu, 30 Nov 2017 11:02:20 +0000 (20:02 +0900)]
man: fix typo (#7511)
Krzysztof Nowicki [Thu, 30 Nov 2017 10:59:29 +0000 (11:59 +0100)]
Fix SELinux labels in cgroup filesystem root directory (#7496)
When using SELinux with legacy cgroups the tmpfs on /sys/fs/cgroup is by
default labelled as tmpfs_t. This label is also inherited by the "cpu"
and "cpuacct" symbolic links. Unfortunately the policy expects them to
be labelled as cgroup_t, which is used for all the actual cgroup
filesystems. Failure to do so results in a stream of denials.
This state cannot be fixed reliably when the cgroup filesystem structure
is set-up as the SELinux policy is not yet loaded at this
moment. It also cannot be fixed later as the root of the cgroup
filesystem is remounted read-only. In order to fix it the root of the
cgroup filesystem needs to be temporary remounted read-write, relabelled
and remounted back read-only.
Lennart Poettering [Thu, 30 Nov 2017 10:52:39 +0000 (11:52 +0100)]
core: support upgrading from DynamicUser=0 to DynamicUser=1 for unit directories (#7507)
This makes sure we migrate /var/lib/<foo> if it exists to
/var/lib/private/<foo> if DynamicUser=1 is set. This is useful to allow
turning on DynamicUser= on services that previously didn't use it, and
we can deal with this, and migrate the relevant directories as
necessary.
Note that "downgrading" from DynamicUser=1 backto DynamicUser=0 works
too. However in that case we simply continue to use
/var/lib/private/<foo>, which works because /var/lib/<foo> is a symlink
there after all.
Yu Watanabe [Thu, 30 Nov 2017 05:50:36 +0000 (14:50 +0900)]
Merge pull request #7444 from poettering/dbus-no-spec
unit writing escaping fixes + related fixes and additions
Vito Caputo [Wed, 29 Nov 2017 22:05:21 +0000 (14:05 -0800)]
Merge pull request #7508 from poettering/journal-n-drop
journal: fix log message when dropping messages
Lennart Poettering [Wed, 29 Nov 2017 21:11:59 +0000 (22:11 +0100)]
journal: fix log message when dropping messages
Fixes: #7506